Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Hundreds of thousands of workplaces use software to manage employees. Now, a new lesson has found that many of these tools share data not only with employers, but also with digital marketing platforms and data marketers.
The review was led by Stephanie Nguyen, senior fellow at Columbia Law School’s Center for Law and Economy and former chief technology officer of the Federal Trade Commission under Lina Khan. It reviewed nine job analysis software (or “bossware”) and found that they all share information with third-party platforms. The data ranged from names and email addresses to web history, and recipients included Facebook, Google, and Microsoft.
“The interesting thing about this study is that every platform, nine out of nine companies, share employee data with external companies. Everyone,” Nguyen said. Seaside in conversation. “That surprised me.”
Seven of the nine platforms — Apploye, Desklog, Hubstaff, Monitask, Buddy Punch, VeriClock, and When I Work — did not immediately respond. SeasideRequests for comments. Ciaran Hale, chief technology officer at another platform, Vice, said that “third-party relationships are limited to trusted service providers and infrastructure that support the delivery, security, and reliability of our platform.” Hale added that Vice has strict privacy policies and that the researchers “appear to have integrated B2B-type cookies found on our corporate websites (such as advertising campaigns) with our secure user experience.” In his statement, Nguyen responded, “We saw what the employee had from the moment he came in second.com and hit ‘Log In.’ What we have found is that your personal information, including names, e-mails, and company names, is sent to third parties every time someone uses it, whether they are an employee or an employer.
The ninth, Doctor of Time, provided information about sharing data through an AI assistant but not a response from a human spokesperson. The nine customers on all platforms include Amazon Ring, Ben & Jerry’s, Ticketmaster, Verizon, and Tesla, according to the disclosure. Together, they serve “thousands of workplaces in many sectors,” the report said.
“Every platform, nine out of nine companies, share employee data with external companies”
To find out where employee data is going, the researchers reviewed public access information such as usage and privacy policies, and created test accounts on nine platforms for managers and employees. They hacked a number of networks with an open source tool used to monitor traffic and other activities. They found that the devices shared information including employee names, email addresses, and companies, as well as information about employees’ online activities, including their IP addresses and the websites they visited. Three of the nine platforms reviewed have the ability to track the exact location of employees, even when the software is running in the background, the review found.
Bossware poses risks even without sharing them. The data can be used to make decisions that may be biased or make false assumptions — for example, the researchers say, misrepresenting an employee’s health and fitness levels in their management.
Sending the message to other people makes it possible for people to be harassed. The researchers point to “data append” services, i.e., which are able to collect individual-specific information from a central group – including anonymous information. They warn that adding workplace details could help create a “picture of the ’employee history'” that follows people after they leave their jobs. It could also help other people, such as advertisers, to focus on how they are being disrupted or whether they want to leave their employer.
“Workers often can’t resist being seen”
The US does not have a national privacy policy for consumers, but employees may be at risk. Although they are fully aware that the machine is tracking them, they may not understand the extent of the monitoring, and where the information is going. They may not even be able to avoid it. The report states: “Employees are often unable to resist surveillance, change employers, or opt out of their employer’s surveillance practices without putting their jobs at risk.
They offer a “bright line” solution to the problem: prevent employee data from being shared or sold to third parties; restricting the collection of personally identifiable information about employees, including tracking off-hours locations; and reduce the length of time bossware companies can store information. They encourage federal and state officials to consider whether data collection and disclosure to other employees may violate federal privacy laws or be inappropriate when used in ways that employees may not expect. They also say it could violate the Fair Credit Reporting Act, if used to make employment decisions.
“Incentives are there for workplaces to try to collect, sell, resell data,” Nguyen said. “What actually happens, and tracking the process, is one of the things we want to continue to explore.”
Follow topics and authors from this article to see more like this on your home page and to receive email updates.
